Method for Processing Reliability of Site Within Intranet on Virtual Machine Outside Intranet

The present disclosure relates to a processing system and an information processing method for processing reliability of a site within an intranet on a virtual machine external to the intranet.

There have been widespread communication terminals equipped with web browsers (hereinafter, referred to as browsers) for users to browse web pages including HyperText Markup Language (HTML) documents on. By displaying web pages of external services that operates on external servers using the browsers, the communication terminals can cooperate with the external services.

Meanwhile, as a type of browsers, there is a cloud browser that generates rendering results of web pages on a cloud server. Execution of processing with high calculation load, such as analysis processing and execution processing of a web page, on the server reduces the calculation load of communication terminals.

Regarding cloud browsers, browser engines that perform processing of analyzing web pages and generating rendering results are implemented on virtual machines operating on cloud servers. Browser engines implemented on cloud servers render web pages, convert the rendering results into images, and provide image data as the rendering results to communication terminals, and the communication terminals display the image data. In this way, users browse web pages. Further, when input information (input events performed on keyboards, mouses, or touch panels) entered on communication terminals is transmitted to cloud servers and passed on to browser engines that operate on the cloud server, that allows browsers to be operated and to look as if the browsers operated on the communication terminals. Various kinds of device resources used for personal computers (PCs) are virtually allocated to virtual machines. Thus, a browser engine or browser engines running on a virtual machine can be operated in the same manner as on a PC.

Pieces of processing performed by browsers include processing of connecting to sites on an intranet, rendering web pages of the sites, and providing the rendered image data to communication terminals. Some sites on an intranet issue dedicated server certificates and dedicated root certificates to enhance the security by encrypted communication based on HTTPS connection.

There is a disclosed method in which dedicated root certificates are additionally registered in a shared region in an image forming apparatus, such as a multifunction peripheral (MFP), to establish connections from applications in the image forming apparatus to sites on an intranet that issue the dedicated server certificates and dedicated root certificates (Japanese Patent Application Laid-Open No. 2019-49799).

With the above-described technique implemented, when an application of an image forming apparatus, such as a browser, connects to a site on an intranet that issues a dedicated server certificate and a dedicated root certificate, the image forming apparatus can verify the reliability of the site on the intranet.

However, the above-described technique does not verify the reliability of the site on the intranet with a cloud browser on a virtual machine outside the intranet.

In view of the above issue, the present disclosure is directed to enabling verification of the reliability of a site within an intranet using a cloud browser on a virtual machine external to the intranet.

According to an aspect of the present disclosure, an information processing apparatus that provides a rendering result of a web page based on a request from a communication terminal connected to an intranet includes an interface device configured to receive a root certificate for a website on the intranet from the communication terminal, and a memory storing a program and a processor configured to, when executing the program, cause the information processing apparatus to perform, when the web page of the website on the intranet is rendered, verification of reliability of the website on the intranet with the root certificate.

Further features of the present disclosure will become apparent from the following description of exemplary embodiments with reference to the attached drawings.

Some exemplary embodiments of the present disclosure will now be described with reference to the drawings. The following exemplary embodiments are not seen to limit the present disclosure. Not all of the combinations of features described in the exemplary embodiments need to be used by the present disclosure. The same components will be denoted by the same reference numerals.

A first exemplary embodiment will now be described.is an example of a block diagram illustrating the configuration of a system according to the present exemplary embodiment.

An information processing systemincludes a communication terminaland an image generation system.

A user browses and operates a screen of the communication terminal. The communication terminalis connected to the image generation systemvia a network, and transmits operation information and image acquisition requests of rendering results to the image generation system. The network in the present exemplary embodiment can be any combination of the Internet, a wide area network (WAN), and a local area network (LAN). A plurality of communication terminals can be provided.

An intranetincludes the communication terminalconnected thereto and a website Aaccessible within the intranet. The website Aholds a web page specified by a Uniform Resource Locator (URL) and files linked to the web page.

A website Bis a general external service, such as a search site or a news site on the Internet external to the intranet. Like the website A, the website Bholds a web page specified by a URL and files linked to the web page. The image generation systemincludes a virtual machine, a storage service, and a gateway. The image generation systemmay be any information processing apparatus as long as the information processing apparatus accesses a web page specified by a URL and acquires a rendering result of the web page. For example, the image generation systemhas at least the functions of the virtual machine, the storage service, and the gateway, and can be configured to include each of the above components as a separate body. The virtual machineincludes a communication terminal cooperation moduleand a browser engine.

A basic process of a cloud browser until a web page is displayed on the communication terminalwill now be described.

When the user enters a URL on the communication terminal, the URL is sent to the communication terminal cooperation moduleof the image generation system. The communication terminal cooperation modulerequests the browser engineto acquire and analyze the web page specified by the URL, and to generate an image from the rendering result. The browser engineaccesses the website Aor the website Bvia the gateway, acquires and analyzes the web page specified by the URL, and generates the image from the rendering result. The browser enginenotifies the communication terminal cooperation moduleof completion of generation of the rendering result image. Upon receiving the notification of the completion of the generation of the rendering result image from the browser engine, the communication terminal cooperation moduleacquires the rendering result image from the browser engineand stores the image in the storage serviceconnected via the network.

The communication terminal cooperation modulenotifies the communication terminalof completion of storage of the rendering result image. Upon receiving the notification of the completion of the storage of the rendering result image from the communication terminal cooperation module, the communication terminalrequests the storage serviceto acquire and display the rendering result image.

A process performed when the security of the website Aand the website Bis enhanced by encrypted communication based on HTTPS connection will now be described.

The website Bis a general external service, such as a search site or a news site, on the Internet external to the intranet. Thus, when the web browser of a PC accesses the website B, the server certificate for the website Bis verified with the root certificate to verify the reliability of the website B. The root certificate used in this case is generally available to the public, and is provided in advance in the operating system (OS) or the web browser on the PC. In the cloud browser, the OS of the virtual machineor the browser engineholds the root certificate for the website B. Thus, the cloud browser can verify the reliability of the website Band access the website B.

The website Ais made accessible within the intranet, and its security is enhanced by encrypted communication based on HTTPS connection with the issued dedicated server certificate and root certificate. The dedicated root certificate for the website Ais additionally registered to PCs within an intranet, for example. Thus, the PCs can verify the reliability of the website Aand access the website A.

In the cloud browser, the virtual machineexternal to the intranet is used to verify the reliability of the website A. However, when the virtual machinedoes not hold the dedicated root certificate for the website Aon the intranet, the virtual machinecannot verify or access the website A.

In the present exemplary embodiment, a process for verifying the reliability of the website Aused when the cloud browser accesses the website Aon the intranet with enhanced security by encrypted communication based on HTTPS connection will be described.

The intranetmonitors access from external to the intranet with an installed proxy in some cases. While there are various kinds of methods for accessing the intranet from external to the intranet, such as communication tunneling, the detailed description of the methods for accessing the intranet from external to the intranet will be omitted in the present exemplary embodiment. The present exemplary embodiment is described based on the assumption that the image generation systemcan access the communication terminaland the website Avia the gateway.

is a block diagram illustrating an example of a hardware configuration of the communication terminalaccording to the present exemplary embodiment. The communication terminalincludes, as main components, a controller unitthat generally controls the apparatus, an interface device, a hard disk, and a touch panel display. The controller unitincludes a central processing unit (CPU), a read-only memory (ROM), and a random access memory (RAM).

The interface deviceconnects the communication terminalto a network. The communication terminalcan be connected to the image generation system, the website A, and the website B, and can perform data transmission and reception via the interface device.

The CPUexecutes the processing of various processing units in the communication terminal. The ROMstores various kinds of programs to be executed by the CPUand data for the programs. Some programs and data are stored in advance in the hard diskas an external storage device, and read to the RAMto be executed. In the present exemplary embodiment, programs for controlling the function of sending the root certificate for a site on the intranet are stored in the ROMor the hard disk, and the CPUexecutes the processing of the programs. The RAMis a work area for the processing units in the communication terminal, and temporarily stores data to be used during the execution of the programs.

The touch panel displayis a device that serves as both a display unit and an operation unit in the present exemplary embodiment. The touch panel displaydisplays various kinds of image information on a display area and receives input of touch operations by the user. In the present exemplary embodiment, the touch panel displaydisplays the execution screen of a viewer, which is an application for acquiring and displaying the image of the rendering result of a web page. User interface (UI) operation items, such as buttons that respond to input operations by the user and a software keyboard used for entering characters, are displayed as a graphical user interface (GUI). The touch panel displayincludes touch sensors provided in the display area. When the user touches the touch panel displaywith a finger, for example, signals detected by a touch sensor are processed with a touch-sensor program stored in the ROM, and the touched positions are calculated as coordinates on the touch panel display. A program for displaying the GUI acquires the touched UI operation items and details of the operation based on the calculated coordinates and the coordinates of the UI operation items constituting the GUI displayed on the touch panel display.

is a block diagram illustrating an example of a hardware configuration of the virtual machineaccording to the present exemplary embodiment. The virtual machineincludes, as main components, a controller unitthat controls the virtual machine, an interface device, and a hard disk. The controller unitincludes a CPU, a ROM, and a RAM.

The CPUexecutes the processing of various processing units in the virtual machine. The ROMstores various kinds of programs to be executed by the CPUand data for the programs. Some programs and date are stored in advance in the hard diskas an external storage device, and read to the RAMto be executed. In the present exemplary embodiment, programs for controlling, for example, the verification of the reliability of the website Awith the root certificate sent from the communication terminalis stored in the ROMor the hard disk, and the CPUexecutes the processing of the programs. The RAMis a work area for the processing units in the virtual machine, and temporarily stores data to be used during the execution of the programs.

The interface deviceconnects the virtual machineto a network. The virtual machinecan be connected to the communication terminal, the website A, the website B, and the storage service, and can perform data transmission and reception via the interface device.

A procedure of the general process according to the present exemplary embodiment executed by the communication terminalwill be described with reference to the flowchart illustrated in. The process of the flowchart illustrated inis performed when the CPUstores programs, which are stored in the ROM, in the RAM, and executes the programs.

In step S, the communication terminaltransmits an activation instruction for a cloud browser to the image generation system.

In step S, the communication terminalreceives an activation result of the cloud browser from the image generation system.

In step S, based on the result received in step S, the communication terminaldetermines whether the cloud browser is activated. If the cloud browser is activated (YES in step S), the processing proceeds to step S. If the cloud browser is not activated (NO in step S), the processing ends.

In step S, the communication terminalsends a root certificate for a site on the intranet to the cloud browser activated in the image generation system, i.e., to the virtual machine. For example, the communication terminalstores the root certificate in its shared area. When holding a plurality of root certificates, the communication terminalsends all of the root certificates.

In step S, the communication terminaldetects a user operation performed on its screen.

In step S, the communication terminaldetermines whether the operation detected in step Sis an input of a URL for accessing a website. In the present exemplary embodiment, suppose that a URL for accessing the website Ais entered in step S. If the operation in step Sis an input of a URL (YES in step S), the processing proceeds to step S. If the operation is not an input of a URL (NO in step S), the processing proceeds to step S. The present exemplary embodiment does not limit the methods for entering a URL. The user may directly enter a URL using a software keyboard displayed on the screen, or may specify a URL with a function corresponding to a bookmark used in a general web browser.

In step S, the communication terminaltransmits the URL entered thereon by the user to the image generation system.

In step S, the communication terminalreceives information sent from the image generation system. Examples of the information include a state indicating that the rendering is completed, a URL for accessing the rendering result stored in the storage serviceof the image generation system, and error information indicating that the rendering is not generated.

In step S, the communication terminaldetermines whether the information received in step Sincludes information indicating that the rendering for the URL transmitted to the image generation systemin step Sis completed. If the information is included (YES in step S), the processing proceeds to step S. If the information is not included (NO in step S), the processing proceeds to step S.

In step S, the communication terminalaccesses the storage serviceof the image generation systemusing the URL, which is received in step S, for accessing the rendering result stored in the storage service, and acquires the stored rendering result.

In step S, the communication terminaldisplays the rendering result acquired in step Son the display. Thus, the screen displaying the website accessed with the URL entered by the user can be viewed.

In step S, the communication terminaldetermines whether the information received in step Sincludes error information indicating that the rendering is not generated. If the information is included (YES in step S), the processing proceeds to step S. If the information is not included, the processing returns to step S.

In step S, the communication terminaldisplays the error information received in Son the display.

In step S, the communication terminaldetermines whether the operation detected in step Sis a termination instruction for the cloud browser. If the instruction is to terminate the cloud browser (YES in step S), the processing proceeds to step S. If not (NO in step S), the processing returns to step S.

In step S, the communication terminaltransmits, to the image generation system, a deletion instruction for the root certificate sent in step S.

A procedure of the general process of the image generation systemon the cloud server according to the present exemplary embodiment will be described with reference to the flowchart illustrated in. The process of the flowchart in, which illustrates the processing of the virtual machineand the browser engine, is performed when the CPUstores programs, which are stored in the ROM, in the RAM, and executes the programs.